Full Disclosure mailing list archives
Re: XSS at Citibank.co.uk
From: Frank de Wit <frankdewit () home nl>
Date: Sun, 14 Aug 2005 13:47:37 +0200
i have read perhaps a thousand emails since 1995 or so about (full)disclosure... i hope i read them well enough... this is my first reaction to one (if i remember well)
i think Bob's email is short, accurate and (one of) the best...
if there's a bad product in the market, no matter what market
tell all your friends it's a bad product and tell them why you think that (proof would be nice instead of just feelings about people on a helpdesk ;-)
then tell all your friends what new better product you are using now and why it's better
and then stop talking about it... step back from the discussion and let everyone create their own opinion
producers of bad products will improve or... cease to exist, end of problem, some will die fast, some take more time (and a little help from us)...
we are always stronger than multinational companies and governments (large marketing machines are also expensive :-)
talking about disclosure is a question already answered too often, let's take it a step further now
-all information should be free and publicly accessible for everyone-
-i am the only one to decide what to read and what to say-
--
the next great task for mankind is to slow down...

bruen () coldrain net wrote:
Hi Jim,
Besides the obvious, exactly why should Cisco or any other vendor in our business be shielded from public scrutiny on products which are faulty? I am sure that Merck would like to have kept Vioxx on the market, even though people died from it. I am just as sure that Guidant Corp did not want the problems with their pacemakers made public, so that they have to fix them for free. What about Ford Explorers and exploding tires? They can't even give them away today.
Since there is no equivalent to Consumer Reports for us, we are left with public disclosure. If it is important enough to stop public disclosure of problems, then it's important enough for vendors to start taking responsibility for what they produce. The resources going into stopping public disclosure would be better used to help secure the products. Those lawyer fees would be a good start.
regards, bob

On Sun, 14 Aug 2005, Jim Duncan wrote:
While any method of contact is better than none, may I suggest you check the list of FIRST teams at http://www.first.org/ before posting publicly? While I can't guarantee any given organization will be a member -- nor can I guarantee a response to the given address -- Citigroup is a long-time member of FIRST, and their first-team members have demonstrated excellent responsiveness in the past.
snip...
FIRST Steering Committee Member and FIRST.Org, Inc., Board of Directors